Modify the signature of the k_mem_slab_free() function with a new one,
replacing the old void **mem with void *mem as a parameter.
The following function:
void k_mem_slab_free(struct k_mem_slab *slab, void **mem);
has the wrong signature. mem is only used as a regular pointer, so there
is no need to use a double-pointer. The correct signature should be:
void k_mem_slab_free(struct k_mem_slab *slab, void *mem);
The issue with the current signature, although functional, is that it is
extremely confusing. I myself, a veteran Zephyr developer, was confused
by this parameter when looking at it recently.
All in-tree uses of the function have been adapted.
Fixes#61888.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Some architectures such as RISC-v support more than 255 interrupts
per aggrigator. This diff adds the ability to forgo the aggrigator
pattern and use a configurable number of bits for multilevel
interruts.
Signed-off-by: Joshua Lilly <jgl@meta.com>
This is meant as a substitute for sys_clock_timeout_end_calc()
Current sys_clock_timeout_end_calc() usage opens up many bug
possibilities due to the actual timeout evaluation's open-coded nature.
Issue ##50611 is one example.
- Some users store the returned value in a signed variable, others in
an unsigned one, making the comparison with UINT64_MAX (corresponding
to K_FOREVER) wrong in the signed case.
- Some users compute the difference and store that in a signed variable
to compare against 0 which still doesn't work with K_FOREVER. And when
this difference is used as a timeout argument then the K_FOREVER
nature of the timeout is lost.
- Some users complexify their code by special-casing K_NO_WAIT and
K_FOREVER inline which is bad for both code readability and binary
size.
Let's introduce a better abstraction to deal with absolute timepoints
with an opaque type to be used with a well-defined API.
The word "timeout" was avoided in the naming on purpose as the timeout
namespace is quite crowded already and it is preferable to make a
distinction between relative time periods (timeouts) and absolute time
values (timepoints).
A few stacks are also adjusted as they were too tight on X86.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Scheduling relative timeouts from within timer callbacks (=sys clock ISR
context) differs from scheduling relative timeouts from an application
context.
This change documents and explains the rationale of this distinction.
Signed-off-by: Florian Grandel <fgrandel@code-for-humans.de>
cooperative priorities are negative, 0 is not a cooperative priority.
Looks like the docs are showing an outdated diagram for some reason, try
to update that with a refresh.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Updates the data passing summary table to indicate that the size of
a message queue data item must be a multiple of its data alignment.
This brings the documentation in both the summary table and the
message queue documentation into alignment.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Since not all syscalls are generated to be included in
the final binaries due to changes in build steps and CMake
files, update the document to clarify what needs to be
done to include specific syscalls in final binaries.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Updates the FIFO and LIFO documentation to clarify behavior
surrounding re-adding data items to queues.
Fixes#56336
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
As both C and C++ standards require applications running under an OS to
return 'int', adapt that for Zephyr to align with those standard. This also
eliminates errors when building with clang when not using -ffreestanding,
and reduces the need for compiler flags to silence warnings for both clang
and gcc.
Signed-off-by: Keith Packard <keithp@keithp.com>
The typedef defines an interrupt config routine with `const struct device
*dev`, while the example function had (void) as argument. This could be
considered confusing / would throw compiler warnings even though the
parameter isn't strictly necessary.
Code examples for initializing an IRQ in a device example follow the
updated pattern (e.g. see `drivers/serial/uart_npcx.c`).
Signed-off-by: Sophie Tyalie <dev@flowerpot.me>
Augment the doc with functionality added in commit a211970b42 ("riscv:
improve contended FPU switching").
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
FPU context switching is always performed on demand through the FPU
access exception handler. Actual task switching only grants or denies
FPU access depending on the current FPU owner.
Because RISC-V doesn't have a dedicated FPU access exception, we must
catch the Illegal Instruction exception and look for actual FP opcodes.
There is no longer a need to allocate FPU storage on the stack for every
exception making esf smaller and stack overflows less likely.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Update usage of zephyr_code_relocate to new API, and add examples of
relocating a library target, as well as using multiple files in list or
CMake generator expressions.
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
Inclusion of this file is now deprecated in favor of
find_package(Zephyr ...). Update documentation appropriately.
Signed-off-by: Marti Bolivar <marti.bolivar@nordicsemi.no>
Use z_user_to_copy() instead of directly writing to the user provided
pointer to validate that the user has write permission to underlying
memory location.
It is important to verify the memory not only for reads, but also for
writes, as otherwise the function can be abused by usermode code to
write to privileged read/write, unprivileged read-only memory partition.
Signed-off-by: Tomasz Moń <tomasz.mon@nordicsemi.no>
Kconfig options have to be prefixed with :kconfig:option: in order to
appear as links in generated html output.
Signed-off-by: Tomasz Moń <tomasz.mon@nordicsemi.no>
The `ARCH` init level was added to solve a specific problem, call init
code (SYS_INIT/devices) before `z_cstart` in the `intel_adsp` platform.
The documentation claims it runs before `z_cstart`, but this is only
true if the SoC/arch takes care of calling:
```c
z_sys_init_run_level(_SYS_INIT_LEVEL_ARCH);
```
Which is only true for `intel_adsp` nowadays. So in practice, we now
have a platform specific init level. This patch proposes to do things in
a slightly different way. First, level name is renamed to `EARLY`, to
emphasize it runs in the early stage of the boot process. Then, it is
handled by the Kernel (inside `z_cstart()` before calling
`arch_kernel_init()`). This means that any platform can now use this
level. For `intel_adsp`, there should be no changes, other than
`gcov_static_init()` will be called before (I assume this will allow to
obtain coverage for code called in EARLY?).
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
document new initialization level ARCH, used to init drivers/services
very early in the ARCH code and before z_cstart().
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
If a semaphore is contested, it is possible that the semaphore will no
longer be available when k_sem_take() is called, not k_sem_give().
Fix few typos and explicitly mention poll events instead of "they".
Signed-off-by: Tomasz Moń <tomasz.mon@nordicsemi.no>
The commit c844bd87b3 removed the support
for passing a memory block (allocated in a memory pool) as message
data, but did not update the relevant documentation.
This commit removes any references to the memory block support, which
was removed in the v2.5.0 release, in the mailbox API documentation.
Signed-off-by: Stephanos Ioannidis <stephanos.ioannidis@nordicsemi.no>
Currently, to compute the 'item' size in a ring buffer, we have
`SIZE32_OF`.
Several issues with this:
- `SIZE32_OF` only works on variables, not types, due to an extra
parenthesis pair. Indeed, `sizeof((int))` is not valid C, whereas
`sizeof((my_var))` is.
- `SIZE32_OF` is not a proper public API
- `SIZE32_OF` rounds down if the argument size is not a multiple
of 4 bytes.
Thus, we introduce a proper `RING_BUF_ITEM_SIZEOF`, fixing the
aforementioned issues.
Signed-off-by: Henri Xavier <datacomos@huawei.com>
The pipes implementation has been updated to allow ISRs to both
send and receive data to/from pipes provided the K_NO_WAIT timeout
option is used.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Updates the priority inheritance description to better explain what
happens during priority inheritance and warn of the consequences of
not following best-practices.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Move scripts needed by the build system and not designed to be run
individually or standalone into the build subfolder.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move scripts needed by the build system and not designed to be run
individually or standalone into the build subfolder.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Currently the device MMIO APIs is only able to map single DT-defined
regions and also the _NAMED variant is assuming that each DT-defined
device has only one single region to map.
This is a limitation and a problem when in the DT are defined devices
with multiple regions that need to be mapped.
This patch is trying to overcome this limitation by introducing the
DEVICE_MMIO_NAMED_ROM_INIT_BY_NAME macro that leveraged the 'reg-names'
DT property to map multiple regions defined by a single device.
So for example in the DT we can have a device like:
driver@c4000000 {
reg = <0xc4000000 0x1000>, <0xc4001000 0x1000>;
reg-names = "region0", "region1";
};
and then we can use DEVICE_MMIO_NAMED_ROM_INIT_BY_NAME doing:
struct driver_config config = {
DEVICE_MMIO_NAMED_ROM_INIT_BY_NAME(region0, DT_DRV_INST(0)),
DEVICE_MMIO_NAMED_ROM_INIT_BY_NAME(region1, DT_DRV_INST(0)),
};
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
This commit adds the sections describing how the dynamic memory
management is handled to the C language support and standard library
documentations.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
The kernel documentation listed the memory management API pages under
two different sections: 'Kernel/Kernel Services' and
'Kernel/Memory Management' -- this creates unnecessary confusion and
makes it hard to look up all supported kernel memory management APIs.
This commit relocates the memory management API pages under
'Kernel/Kernel Services' to 'Kernel/Memory Management' so that all
memory management APIs provided by the kernel are described in one
unified section.
The link to the 'Kernel/Memory Management' index page is still left in
the 'Kernel Services' page because it may still be helpful to look at
it as part of the services provided by the Zephyr kernel -- it is just
more substantial than the rest and deserves more visibility.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit adds the 'Language Support' sub-category under the
'Developing with Zephyr' category with programming language support-
related documentations.
The contents of the 'C standard library' page have been relocated to
the 'C Language Support' page, and the contents of the 'C++ Support for
Applications' page have been relocated to the 'C++ Language Support'
page.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit adds a dedicated page for the Zephyr SDK under the
'Toolchains' sub-category under 'Developing with Zephyr'.
The content of this page is based on the Zephyr SDK installation
instruction from the 'Getting Started Guide'.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Moves the 'Flushing a Pipe' code example to the correct location
and section and re-adds the 'Suggested Uses' text missing
compared to v2.7.
Signed-off-by: Archie Atkinson <archie.atkinson@chiaro.co.uk>
At some recent point, directory <zephyr-root>/include was moved to
<zephyr-root>/include/zephyr. However, links from documentation to
Zephyr source on Github were not updated. Update them now.
Signed-off-by: Aleksandar Markovic <aleksandar.markovic.sa@gmail.com>
Updates the threads documentation to clarify the distinction between
ready and running states.
Fixes 44255
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Move this section under the kernel and alongside other core and low
level features that are tied to the kernel.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move this section under the kernel and alongside other core and low
level features that are tied to the kernel.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move this section under the kernel and alongside other core and low
level features that are tied to the kernel.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move this section under the kernel and alongside other core and low
level features that are tied to the kernel.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move this section under the kernel and alongside other core and low
level features that are tied to the kernel.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move this section under the kernel and alongside other core and low
level features that are tied to the kernel.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move the kernel documentation up and make it a main chapter. Right now
it is hidden very low in the structure under references.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move guides and APIs into separate directories and cleanup naming
introducing index files rather than named section files.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
There are no longer per-partition initialization functions.
Instead, we iterate over all of them at boot to set up the
derived k_mem_partitions properly.
Some ARC-specific hacks that should never have been applied
have been removed from the userspace test.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The public APIs for application shared memory are now
properly documented and conform to zephyr naming
conventions.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The app shared memory macros for declaring domains provide
no value, despite the stated intentions.
Just declare memory domains using the standard APIs for it.
To support this, symbols declared for app shared memory
partitions now are struct k_mem_partition, which can be
passed to the k_mem_domain APIs as normal, instead of the
app_region structs which are of no interest to the end
user.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Instead of having kernel APIs documentated in a separate page, move the
API references to the object pages and have everything in one place.
Remove the intermediate category page and list all section under the
kernel directly.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Put the kernel overview at the top level of the kernel documentation and
make it visible immediatly when browsing the kernel docs.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
There is an effort underway to make most of the Zephyr build script's
reentrant. Meaning, the build scripts can be executed multiple times
during the same CMake invocation.
Reentrancy enables several use-cases, the motivating one is the
ability to build several Zephyr executables, or images, for instance a
bootloader and an application.
For build scripts to be reentrant they cannot be directly referencing
global variables, like target names, but must instead reference
variables, which can vary from entry to entry.
Therefore, in this patch, we replace global targets with variables.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
With the new theme we are able to have more section in the top level.
Move things around and expose the most important sections in the top
table of content.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
In general driver system calls are implemented at a subsystem
layer. However, some drivers may have capabilities specific to
the hardware not covered by the subsystem API. Such drivers may
want to define their own system calls.
This macro makes it simple to validate in the driver-specific
system call handlers that not only does the untrusted device
pointer correspond to the expected subsystem, initialization
state, and caller permissions, but also that the device object
is an instance of a specific driver (and not just any driver in
that subsystem).
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Update interrupts.rst with information on how to use dynamic
interrupts. As they are used in the same way as IRQ_CONNECT(),
not much needs to be written.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Application shared memory API uses 'appmem_' prefix for
its functions and macros. This commit updates the respective
documentation to align with the API convention.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
k_poll_signal was being used by both, struct and function. Besides
this being extremely error prone it is also a MISRA-C violation.
Changing the function to contain a verb, since it performs an action
and the struct will be a noun. This pattern must be formalized and
followed and across the project.
MISRA-C rules 5.7 and 5.9
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The phrase "object must have _k_object_init() on it at some point"
visibly misses "called".
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Fixing a few minor typo fixes in kernel/mem_domain.c
and the respective documentation section.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Extended ring buffer to allow storing raw bytes in it. API has been
extended keeping 'data item' mode untouched.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Deprecate API prefixed with sys_ring_buf_ and rename it
to ring_buf_item_ since this API is not a typical ring buffer
but ring buffer of data items (metadata + 32bit words).
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Make the multi-level interrupts diagram more clear by saying:
- the "-" means an interrupt slot
- all interrupt slots are numbered from 0 starting from right most
- alphabets denote devices
- add an example chain for device D
Signed-off-by: Yasushi SHOJI <y-shoji@ispace-inc.com>
Summary: revised attempt at addressing issue 6290. The
following provides an alternative to using
CONFIG_APPLICATION_MEMORY by compartmentalizing data into
Memory Domains. Dependent on MPU limitations, supports
compartmentalized Memory Domains for 1...N logical
applications. This is considered an initial attempt at
designing flexible compartmentalized Memory Domains for
multiple logical applications and, with the provided python
script and edited CMakeLists.txt, provides support for power
of 2 aligned MPU architectures.
Overview: The current patch uses qualifiers to group data into
subsections. The qualifier usage allows for dynamic subsection
creation and affords the developer a large amount of flexibility
in the grouping, naming, and size of the resulting partitions and
domains that are built on these subsections. By additional macro
calls, functions are created that help calculate the size,
address, and permissions for the subsections and enable the
developer to control application data in specified partitions and
memory domains.
Background: Initial attempts focused on creating a single
section in the linker script that then contained internally
grouped variables/data to allow MPU/MMU alignment and protection.
This did not provide additional functionality beyond
CONFIG_APPLICATION_MEMORY as we were unable to reliably group
data or determine their grouping via exported linker symbols.
Thus, the resulting decision was made to dynamically create
subsections using the current qualifier method. An attempt to
group the data by object file was tested, but found that this
broke applications such as ztest where two object files are
created: ztest and main. This also creates an issue of grouping
the two object files together in the same memory domain while
also allowing for compartmenting other data among threads.
Because it is not possible to know a) the name of the partition
and thus the symbol in the linker, b) the size of all the data
in the subsection, nor c) the overall number of partitions
created by the developer, it was not feasible to align the
subsections at compile time without using dynamically generated
linker script for MPU architectures requiring power of 2
alignment.
In order to provide support for MPU architectures that require a
power of 2 alignment, a python script is run at build prior to
when linker_priv_stacks.cmd is generated. This script scans the
built object files for all possible partitions and the names given
to them. It then generates a linker file (app_smem.ld) that is
included in the main linker.ld file. This app_smem.ld allows the
compiler and linker to then create each subsection and align to
the next power of 2.
Usage:
- Requires: app_memory/app_memdomain.h .
- _app_dmem(id) marks a variable to be placed into a data
section for memory partition id.
- _app_bmem(id) marks a variable to be placed into a bss
section for memory partition id.
- These are seen in the linker.map as "data_smem_id" and
"data_smem_idb".
- To create a k_mem_partition, call the macro
app_mem_partition(part0) where "part0" is the name then used to
refer to that partition. This macro only creates a function and
necessary data structures for the later "initialization".
- To create a memory domain for the partition, the macro
app_mem_domain(dom0) is called where "dom0" is the name then
used for the memory domain.
- To initialize the partition (effectively adding the partition
to a linked list), init_part_part0() is called. This is followed
by init_app_memory(), which walks all partitions in the linked
list and calculates the sizes for each partition.
- Once the partition is initialized, the domain can be
initialized with init_domain_dom0(part0) which initializes the
domain with partition part0.
- After the domain has been initialized, the current thread
can be added using add_thread_dom0(k_current_get()).
- The code used in ztests ans kernel/init has been added under
a conditional #ifdef to isolate the code from other tests.
The userspace test CMakeLists.txt file has commands to insert
the CONFIG_APP_SHARED_MEM definition into the required build
targets.
Example:
/* create partition at top of file outside functions */
app_mem_partition(part0);
/* create domain */
app_mem_domain(dom0);
_app_dmem(dom0) int var1;
_app_bmem(dom0) static volatile int var2;
int main()
{
init_part_part0();
init_app_memory();
init_domain_dom0(part0);
add_thread_dom0(k_current_get());
...
}
- If multiple partitions are being created, a variadic
preprocessor macro can be used as provided in
app_macro_support.h:
FOR_EACH(app_mem_partition, part0, part1, part2);
or, for multiple domains, similarly:
FOR_EACH(app_mem_domain, dom0, dom1);
Similarly, the init_part_* can also be used in the macro:
FOR_EACH(init_part, part0, part1, part2);
Testing:
- This has been successfully tested on qemu_x86 and the
ARM frdm_k64f board. It compiles and builds power of 2
aligned subsections for the linker script on the 96b_carbon
boards. These power of 2 alignments have been checked by
hand and are viewable in the zephyr.map file that is
produced during build. However, due to a shortage of
available MPU regions on the 96b_carbon board, we are unable
to test this.
- When run on the 96b_carbon board, the test suite will
enter execution, but each individaul test will fail due to
an MPU FAULT. This is expected as the required number of
MPU regions exceeds the number allowed due to the static
allocation. As the MPU driver does not detect this issue,
the fault occurs because the data being accessed has been
placed outside the active MPU region.
- This now compiles successfully for the ARC boards
em_starterkit_em7d and em_starterkit_em7d_v22. However,
as we lack ARC hardware to run this build on, we are unable
to test this build.
Current known issues:
1) While the script and edited CMakeLists.txt creates the
ability to align to the next power of 2, this does not
address the shortage of available MPU regions on certain
devices (e.g. 96b_carbon). In testing the APB and PPB
regions were commented out.
2) checkpatch.pl lists several issues regarding the
following:
a) Complex macros. The FOR_EACH macros as defined in
app_macro_support.h are listed as complex macros needing
parentheses. Adding parentheses breaks their
functionality, and we have otherwise been unable to
resolve the reported error.
b) __aligned() preferred. The _app_dmem_pad() and
_app_bmem_pad() macros give warnings that __aligned()
is preferred. Prior iterations had this implementation,
which resulted in errors due to "complex macros".
c) Trailing semicolon. The macro init_part(name) has
a trailing semicolon as the semicolon is needed for the
inlined macro call that is generated when this macro
expands.
Update: updated to alternative CONFIG_APPLCATION_MEMORY.
Added config option CONFIG_APP_SHARED_MEM to enable a new section
app_smem to contain the shared memory component. This commit
seperates the Kconfig definition from the definition used for the
conditional code. The change is in response to changes in the
way the build system treats definitions. The python script used
to generate a linker script for app_smem was also midified to
simplify the alignment directives. A default linker script
app_smem.ld was added to remove the conditional includes dependency
on CONFIG_APP_SHARED_MEM. By addining the default linker script
the prebuild stages link properly prior to the python script running
Signed-off-by: Joshua Domagalski <jedomag@tycho.nsa.gov>
Signed-off-by: Shawn Mosley <smmosle@tycho.nsa.gov>
This patch adds a set of priorities at the (numerically) lowest end of
the range which have "meta-irq" behavior. Runnable threads at these
priorities will always be scheduled before threads at lower
priorities, EVEN IF those threads are otherwise cooperative and/or
have taken a scheduler lock.
Making such a thread runnable in any way thus has the effect of
"interrupting" the current task and running the meta-irq thread
synchronously, like an exception or system call. The intent is to use
these priorities to implement "interrupt bottom half" or "tasklet"
behavior, allowing driver subsystems to return from interrupt context
but be guaranteed that user code will not be executed (on the current
CPU) until the remaining work is finished.
As this breaks the "promise" of non-preemptibility granted by the
current API for cooperative threads, this tool probably shouldn't be
used from application code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
User mode may now use queue objects. Instead of embedding the kernel's
linked list information directly in the data item, a container struct
is allocated from the caller's resource pool which is then added to
the queue. The new sflist type is now used to store a flag indicating
whether a data item needs to be freed when removed from the queue.
FIFO/LIFOs are derived from k_queues and have had allocator functions
added.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Similar to what has been done with pipes and message queues,
user mode can't be trusted to provide a buffer for the kernel
to use. Remove k_stack_init() as a syscall and offer
k_stack_alloc_init() which allocates a buffer from the caller's
resource pool.
Fixes#7285
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Dynamic kernel objects no longer is hard-coded to use the kernel
heap. Instead, objects will now be drawn from the calling thread's
resource pool.
Since we now have a reference counting mechanism, if an object
loses all its references and it was dynamically allocated, it will
be automatically freed.
A parallel dlist is added for efficient iteration over the set of
all dynamic objects, allowing deletion during iteration.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some kernel APIs may need to allocate memory in order to function
correctly, especially if they are exposed to userspace where
buffers provided by user code cannot be trusted.
Instead of simply drawing from the system heap, specific pools
may instead be assigned to threads, and any requests made on
behalf of the calling thread will draw heap memory from that pool.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Forthcoming patches will dual-purpose an object's permission
bitfield as also reference tracking for kernel objects, used to
handle automatic freeing of resources.
We do not want to allow user thread A to revoke thread B's access
to some object O if B is in the middle of an API call using O.
However we do want to allow threads to revoke their own access to
an object, so introduce a new API and syscall for that.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This works like k_malloc() but allows the user to designate
a specific memory pool to use instead of the kernel heap.
Test coverage provided by existing tests for k_malloc(), which is
now derived from this API.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Adding a new kernel object type or driver subsystem requires changes
in various different places. This patch makes it easier to create
those devices by generating as much as possible in compile time.
No behavior change.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
